Kali Linux: Backdoor-factory tool

In this post I would like to introduce you to a not so well-known yet useful Kali Linux tool for exploitation as well as maintaining access. This Kali Linux tool is called Backdoor-Factory.

Backdoor-Factory can be used to gain access to Windows 7, 8, and 10. Although this tool is useful, it is not very convenient, since the victim needs to execute a certain executable file before we can get a session and gain access. However, it is good when we do not want the victim to be suspicious: when the victim executes the file, the victim would not know that the malicious shellcode is running in the background.

Playing Around with DVWA

After installing DVWA a couple of weeks ago, it would be futile not to make use of it. As Anton Chekhov said, “Knowledge is of no value unless you put it into practice”. DVWA is one of the safest places for a pentester to learn. In DVWA we can learn a lot, such as reading and understanding the code and finding its vulnerabilities, trying brute force, command injection, and many more. In this post I will cover low-level SQL injection and low-level file inclusion.

If you have not installed DVWA, please refer to DVWA installation. Otherwise, let's start.


Social Engineering as Part of Penetration testing

Social engineering, in terms of information security, means the use of deception to manipulate individuals into sharing their personal information. Social engineering can also deceive people into thinking that they are doing the right thing when in reality they are not. Why should we be aware of social engineering? Development of technology like web applications depends on people, process, and technology. Among those three, it can be said that people are the weakest link for breaking into the system.

One way to do social engineering is to get a person’s personal information, such as a password and username. This can be done by duplicating the web page and sending email to the web application's users. Below is an example of how it could be done.


Webinar: Hacking and Defending a Linux-Based Capture-the-Flag

In this post I will share the link to the documentation for the webinar (“Hacking and Defending a Linux-Based Capture the Flag”) held on the 17th of April by Jay Beale. If you are not familiar with webinars, a webinar is basically a web-based seminar. This webinar mainly talked about how to attack the Donkey Docker CTF case and how to defend it.

Click here to see the documentation.

Multi-function Tool in Kali Linux: Armitage for vulnerability analysis

Kali Linux provides us with several useful tools that we can use for penetration testing. One of its useful multi-function tools is called Armitage. It is an attack management tool with a graphical user interface that makes it easier for us to do penetration testing. More accurately, it is a graphical interface for the Metasploit framework. If you would like to know more about the Metasploit framework, you can read What is Metasploit Project? by Margaret Rouse.

In this post I will only show how to scan a network range, the open ports, and the type of OS.


Enumeration Practice

Today, I got a lecture about how to enumerate data and was given a task.

Our task was to do these three things:

  1. Enumeration User wp1.pentest.id
  2. Enumeration User jo1.pentest.id
  3. Enumeration User Email @pentest.id

Several tools that were suggested:

  1. wpscan
  2. joomscan
  3. TheHarvester
  4. Google
  5. Nmap

So now I would like to show the results and techniques that I used to solve these tasks.

Fun Way to Learn Linux Command

Last week, my lecturer asked us to study Linux commands. Studying the command line was not one of my favorite things, but at that time my friend suggested that I study Linux commands through a game on the web called OverTheWire: Bandit.

This game consists of 26 levels that encourage us to explore some fundamental Linux commands that might be useful for us later on. It is a pretty interesting game.

Below are some screenshots of how to play it.